Where did you get your APK from? My copy from F-Droid isn’t even being marked as dangerous.
Also, your webp has a lot of JPEG artifacting. I’m not sure why, but next time you download your screenshot from Reddit you might want to take the compression down a tad. The original is only 40KiB…
Edit: based on someone else’s screenshot:
it’s probably because there’s an org.kde.kdeconnect package on the Play Store with a different signature. “Same package name, different signature” is probably the most basic form of fake app detection they implement and I can see why they thought it was a good idea. Pretty shit that they still seem to kill apps when Play Protect is supposed to be disabled, though!
Or someone hacked a server somewhere and uploaded a copy with malware in it. That occasionally happens in open source projects but you usually hear about it.
Where did you get your APK from? My copy from F-Droid isn’t even being marked as dangerous.
Also, your webp has a lot of JPEG artifacting. I’m not sure why, but next time you download your screenshot from Reddit you might want to take the compression down a tad. The original is only 40KiB…
Edit: based on someone else’s screenshot:
it’s probably because there’s an org.kde.kdeconnect package on the Play Store with a different signature. “Same package name, different signature” is probably the most basic form of fake app detection they implement and I can see why they thought it was a good idea. Pretty shit that they still seem to kill apps when Play Protect is supposed to be disabled, though!
Or someone hacked a server somewhere and uploaded a copy with malware in it. That occasionally happens in open source projects but you usually hear about it.